Important SQL and Exchange Server patches

A security issue has been identified in the Microsoft SQL Server 2000 Desktop Engine (WMSDE) that could allow an attacker to compromise your Microsoft Windows-based system and gain control over it (Bulletin MS09-004). A second bulletin, MS09-003, covers vulnerabilities in Microsoft Exchange that could allow remote code execution.

The vulnerability in the MS Exchange Server is the most severe, Microsoft explains:

“This vulnerability means that any cybercriminal sending a well crafted email attachment to an enterprise could gain complete control over the server and gaining one of the keys to the kingdom…

All kinds of highly confidential and proprietary information pass through an Exchange server every day. Gaining control over it and its content would be a gold mine to any cyber criminal,” – Extracted from ZDNet

Other applications are also being patched, including Microsoft Visio and IE. Microsoft released its monthly security bulletin on the 10th of February.

Is Mac Safer?

I was reading this article on “Is Mac still the safer bet?” by Adrian Kingsley-Hughes. This is a question that I have also been asked many times: “Is Mac safer than Windows?” Although many times it sounded more like an affirmation than a question.

I wouldn’t say it’s safer, it’s just not as targeted. Once Mac becomes a target, the cyber criminals will have a lot of fun because of the lack of attention to security Mac users have. To switch platforms for the sole reason of not having to think about security is very lame.

The Microsoft operating system is targeted for its many vulnerabilities, including the end users, who have now started to take security really seriously. Mac users have to step up their care for security. Most problems I find with Mac users are:

  •  Very simple (insecure) passwords
  •  Blind trust in any program that is available for Macs (because it’s safe, right!)
  •  Addiction to desktop gadgets (because it’s safe, right!)
  •  Keychain unconditional love – store all and any passwords (this combined with my first point can be a disaster)
  •  Will join any wireless network available (I am safe, it’s a Mac)
  •  Last but not least… they are annoying. ;)

I do not intend to have a go at Apple/Mac and its users, but the lack of security awareness I have seen, especially among the new ones recently switched from Windows, is scary. If a well-developed, targeted malware or virus were to be released now, it would be a global disaster.

So my answer to the question is: “The operating system hasn’t been targeted; until then no one will know how much safer it is. Mac users, brace yourselves!”

Browser Password Security test – most failed

Google Chrome and Safari are tied at the bottom of the list of a password security test run by CIS – Chapin Information Services.

Two years ago CIS discovered a flaw in Mozilla that could give “clever attackers” access to your saved passwords. A few days ago CIS ran a security test on all the major browsers and, to their horror and surprise, most of them did really badly, including Internet Explorer.

Among the problems are three in particular that, when combined, allow password thieves to take passwords without the user’s knowledge. They are:

  1. The destination where passwords are sent is not checked.
  2. The location where passwords are requested is not checked.
  3. Invisible form elements can trigger password management.
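
As an added illustration (not code from CIS or from any browser), the JavaScript below sketches the checks a password manager would have to pass before autofilling, one per item in the list above. The saved-record and form object shapes, the function names and the `.example` hostnames are assumptions constructed for this sketch.

```javascript
// Added example: pre-autofill checks matching the three listed problems.
// Object shapes and hostnames are constructed for illustration.

// Constructed sample: a credential saved for one site.
const saved = { origin: "https://bank.example", username: "alice" };

// A field counts as invisible if the user cannot see it being filled.
function isInvisible(field) {
  return field.display === "none" || field.visibility === "hidden" ||
         field.opacity === 0 || field.width === 0 || field.height === 0;
}

// Returns the reasons autofill must be refused (empty array = safe to fill).
// form.fields lists the fields the manager is about to fill.
function autofillProblems(savedCred, form) {
  const problems = [];
  // Item 2: the page requesting the password must be on the saved origin.
  if (new URL(form.pageUrl).origin !== savedCred.origin) {
    problems.push("request-location");
  }
  // Item 1: resolve the (possibly relative) form action and compare the
  // origin the password would actually be sent to.
  let actionOrigin = null;
  try {
    actionOrigin = new URL(form.action || form.pageUrl, form.pageUrl).origin;
  } catch {
    actionOrigin = null; // unparsable action: treat as untrusted
  }
  if (actionOrigin !== savedCred.origin) problems.push("destination");
  // Item 3: never fill a field the user cannot see.
  if (form.fields.some(isInvisible)) problems.push("invisible-field");
  return problems;
}

// Constructed sample forms.
const visible = [{ name: "user", width: 200, height: 24 },
                 { name: "pass", width: 200, height: 24 }];
const legit = { pageUrl: "https://bank.example/login", action: "/session", fields: visible };
const wrongDest = { ...legit, action: "https://other.example/collect" };
const wrongPage = { ...legit, pageUrl: "https://forum.example/thread",
                    action: "https://bank.example/session" };
const hiddenForm = { ...legit, fields: [{ name: "pass", width: 200, height: 24, display: "none" }] };

for (const [label, form] of Object.entries({ legit, wrongDest, wrongPage, hiddenForm })) {
  console.log(label, autofillProblems(saved, form));
}
```

A manager that fills only when the returned array is empty addresses all three items; dropping any one check reopens the corresponding gap.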

